Rapid7 Vulndb - 16970 - Initial updates for fedramp compliance | Upda…

…ted SDK to the latest version (#2734)

plugins/rapid7_vulndb/.CHECKSUM

@@ -1,7 +1,7 @@
 {
-	"spec": "d63a5b67290049ab95c46e4e8f5a2110",
-	"manifest": "38f1be6ef597c95b4c05322e4c808e72",
-	"setup": "83597cc6473bbd2ffc064f63b4aaca87",
+	"spec": "b390ea080bc722e8d781da7c20a19e23",
+	"manifest": "0a91cc770b72a1dc2a8078ea8c33e9e0",
+	"setup": "2034965f898d952d0b9d8164f21dc9f0",
 	"schemas": [
 		{
 			"identifier": "get_content/schema.py",

plugins/rapid7_vulndb/Dockerfile

@@ -1,4 +1,4 @@
-FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.0.0
+FROM --platform=linux/amd64 rapid7/insightconnect-python-3-slim-plugin:6.1.0
 
 LABEL organization=rapid7
 LABEL sdk=python

plugins/rapid7_vulndb/bin/komand_rapid7_vulndb

@@ -6,7 +6,7 @@ from sys import argv
 
 Name = "Rapid7 Vulnerability & Exploit Database"
 Vendor = "rapid7"
-Version = "2.1.3"
+Version = "2.1.4"
 Description = "Make searching the Rapid7 vulnerability and exploit data fast, easy and efficient with the InsightConnect plugin. Leverage this curated repository of vetted computer software exploits and exploitable vulnerabilities to ensure your security operations are always aware of the latest threats that could be used against your environment vulnerabilities"
 
 

plugins/rapid7_vulndb/help.md

@@ -47,7 +47,7 @@ Example input:
 
 |Name|Type|Required|Description|Example|
 | :--- | :--- | :--- | :--- | :--- |
-|content_result|content|True|Content record for the vulnerability or module|{'published_at': '2015-11-05T00:00:00.000Z', 'references': 'mozilla-thunderbird-upgrade-38_4', 'severity': '7', 'solutions': 'mozilla-thunderbird-upgrade-38_4', 'title': 'MFSA2015-123 Thunderbird: Buffer overflow during i...', 'alternate_ids': 'BID/77411,CVE/2015-7189,DEBIAN/DSA-3393,DEBIAN/DSA...', 'content_type': 'vulnerability', 'description': '\n    <p>Race condition in the JPEGEncoder function...'}|
+|content_result|content|True|Content record for the vulnerability or module|{"published_at":"2015-11-05T00:00:00.000Z","references":"mozilla-thunderbird-upgrade-38_4","severity":"7","solutions":"mozilla-thunderbird-upgrade-38_4","title":"MFSA2015-123 Thunderbird: Buffer overflow during i...","alternate_ids":"BID/77411,CVE/2015-7189,DEBIAN/DSA-3393,DEBIAN/DSA...","content_type":"vulnerability","description":"\n    <p>Race condition in the JPEGEncoder function..."}|
 
 Example output:
 
@@ -91,7 +91,7 @@ Example input:
 |Name|Type|Required|Description|Example|
 | :--- | :--- | :--- | :--- | :--- |
 |results_found|bool|True|Will return false if no results are found|None|
-|search_results|[]search_result|False|Vulnerability and exploits found|{'identifier': 'ubuntu-cve-2015-9542', 'title': 'Ubuntu: (Multiple Advisories) (CVE-2015-9542): libpam-radius-auth vulnerability', 'published_at': '2020-02-24T00:00:00.000Z', 'solutions': 'ubuntu-upgrade-chromium', 'link': 'https://vdb-kasf1i23nr1kl2j4.rapid7.com/v1/content/ubuntu-cve-2015-9542'}|
+|search_results|[]search_result|False|Vulnerability and exploits found|{"identifier":"ubuntu-cve-2015-9542","title":"Ubuntu: (Multiple Advisories) (CVE-2015-9542): libpam-radius-auth vulnerability","published_at":"2020-02-24T00:00:00.000Z","solutions":"ubuntu-upgrade-chromium","link":"https://vdb-kasf1i23nr1kl2j4.rapid7.com/v1/content/ubuntu-cve-2015-9542"}|
 
 Example output:
 
@@ -150,6 +150,7 @@ _This plugin does not contain any troubleshooting information._
 
 # Version History
 
+* 2.1.4 - Initial updates for fedramp compliance | Updated SDK to the latest version
 * 2.1.3 - Fix critical Snyk vulnerability | Update SDK
 * 2.1.2 - Bumping SDK version to 5.6.1
 * 2.1.1 - Add 404 and 504 error handlers | Add retry

plugins/rapid7_vulndb/komand_rapid7_vulndb/actions/get_content/action.py

@@ -15,7 +15,8 @@ def __init__(self):
         )
 
     def run(self, params={}):
+        # START INPUT BINDING - DO NOT REMOVE - ANY INPUTS BELOW WILL UPDATE WITH YOUR PLUGIN SPEC AFTER REGENERATION
         identifier = params.get(Input.IDENTIFIER)
-        content_result = extract.Content.get(identifier)
+        # END INPUT BINDING - DO NOT REMOVE
 
-        return {Output.CONTENT_RESULT: content_result}
+        return {Output.CONTENT_RESULT: extract.Content.get(identifier)}

plugins/rapid7_vulndb/komand_rapid7_vulndb/actions/search_db/action.py

@@ -3,6 +3,7 @@
 
 # Custom imports below
 from komand_rapid7_vulndb.util import extract
+from insightconnect_plugin_runtime.helper import clean
 
 
 class SearchDb(insightconnect_plugin_runtime.Action):
@@ -15,20 +16,21 @@ def __init__(self):
         )
 
     def run(self, params={}):
-        # Get params
+        # START INPUT BINDING - DO NOT REMOVE - ANY INPUTS BELOW WILL UPDATE WITH YOUR PLUGIN SPEC AFTER REGENERATION
         search_for = params.get(Input.SEARCH)
-        db = params.get(Input.DATABASE)
-        responses = extract.Search.get_results(search_for, db)
-        results = []
+        database = params.get(Input.DATABASE)
+        # END INPUT BINDING - DO NOT REMOVE
+
+        responses = extract.Search.get_results(search_for, database)
 
+        results = []
         for response in responses:
             identifier = response.get("identifier")
             if not identifier:
                 continue
-
             dict_response = response.copy()
             dict_response["solutions"] = extract.Content.get(identifier).get("solutions")
-            results.append(dict_response)
+            results.append(clean(dict_response))
 
         return {
             Output.RESULTS_FOUND: len(results) > 0,

plugins/rapid7_vulndb/komand_rapid7_vulndb/connection/connection.py

@@ -4,15 +4,20 @@
 
 # Custom imports below
 import requests
+from typing import Dict, Any
+from komand_rapid7_vulndb.util.extract import TIMEOUT
 
 
 class Connection(insightconnect_plugin_runtime.Connection):
     def __init__(self):
         super(self.__class__, self).__init__(input=ConnectionSchema())
 
-    def connect(self, params):
-        result = requests.get("https://vdb-kasf1i23nr1kl2j4.rapid7.com/v1/info")
-        if result.status_code == requests.codes.ok:
+    def connect(self, params={}) -> None:
+        pass
+
+    @staticmethod
+    def test() -> Dict[str, Any]:
+        response = requests.get("https://vdb-kasf1i23nr1kl2j4.rapid7.com/v1/info", timeout=TIMEOUT)
+        if response.status_code == requests.codes.ok:
             return {"success": True}
-        else:
-            raise ConnectionTestException(preset=ConnectionTestException.Preset.SERVICE_UNAVAILABLE)
+        raise ConnectionTestException(preset=ConnectionTestException.Preset.SERVICE_UNAVAILABLE)

plugins/rapid7_vulndb/plugin.spec.yaml

@@ -4,19 +4,20 @@ products: [insightconnect]
 name: rapid7_vulndb
 title: Rapid7 Vulnerability & Exploit Database
 description: Make searching the Rapid7 vulnerability and exploit data fast, easy and efficient with the InsightConnect plugin. Leverage this curated repository of vetted computer software exploits and exploitable vulnerabilities to ensure your security operations are always aware of the latest threats that could be used against your environment vulnerabilities
-version: 2.1.3
-sdk:
-  type: slim
-  version: 6.0.0
-  user: nobody
-supported_versions: ["v1"]
+version: 2.1.4
 connection_version: 2
+supported_versions: ["v1"]
 vendor: rapid7
 support: rapid7
 cloud_ready: true
+fedramp_ready: true
+sdk:
+  type: slim
+  version: 6.1.0
+  user: nobody
 key_features:
-- Search Database for vulnerabilities
-- Retrieve vulnerability or Metasploit module details based on a CVE or module identifier
+  - Search Database for vulnerabilities
+  - Retrieve vulnerability or Metasploit module details based on a CVE or module identifier
 requirements: "_This plugin does not contain any requirements._"
 troubleshooting: "_This plugin does not contain any troubleshooting information._"
 status: []
@@ -25,16 +26,17 @@ resources:
   license_url: https://github.com/rapid7/insightconnect-plugins/blob/master/LICENSE
   vendor_url: https://www.rapid7.com
 tags:
-- vulnerability
-- exploit
-- rapid7
-- database
-- vulndb
+  - vulnerability
+  - exploit
+  - rapid7
+  - database
+  - vulndb
 references:
 - "[Rapid7 Vulnerability & Exploit Database API Specification](https://vdb.rapid7.com/swagger_doc)"
 links:
 - "[Rapid7 Vulnerability & Exploit Database API Specification](https://vdb.rapid7.com/swagger_doc)"
 version_history:
+- "2.1.4 - Initial updates for fedramp compliance | Updated SDK to the latest version"
 - "2.1.3 - Fix critical Snyk vulnerability | Update SDK"
 - "2.1.2 - Bumping SDK version to 5.6.1"
 - "2.1.1 - Add 404 and 504 error handlers | Add retry"
@@ -159,7 +161,7 @@ actions:
         type: 'content'
         description: Content record for the vulnerability or module
         required: true
-        example: { "published_at": "2015-11-05T00:00:00.000Z", "references": "mozilla-thunderbird-upgrade-38_4", "severity": "7", "solutions": "mozilla-thunderbird-upgrade-38_4", "title": "MFSA2015-123 Thunderbird: Buffer overflow during i...", "alternate_ids": "BID/77411,CVE/2015-7189,DEBIAN/DSA-3393,DEBIAN/DSA...", "content_type": "vulnerability", "description": "\n    <p>Race condition in the JPEGEncoder function..." }
+        example: '{"published_at":"2015-11-05T00:00:00.000Z","references":"mozilla-thunderbird-upgrade-38_4","severity":"7","solutions":"mozilla-thunderbird-upgrade-38_4","title":"MFSA2015-123 Thunderbird: Buffer overflow during i...","alternate_ids":"BID/77411,CVE/2015-7189,DEBIAN/DSA-3393,DEBIAN/DSA...","content_type":"vulnerability","description":"\n    <p>Race condition in the JPEGEncoder function..."}'
   search_db:
     title: Search Database
     description: Search the database to find vulnerabilities and exploits
@@ -169,8 +171,8 @@ actions:
         description: Name of the database
         type: string
         enum:
-        - Vulnerability Database
-        - Metasploit Modules
+          - Vulnerability Database
+          - Metasploit Modules
         required: true
         example: "Vulnerability Database"
       search:
@@ -185,11 +187,9 @@ actions:
         type: '[]search_result'
         description: Vulnerability and exploits found
         required: false
-        example: { "identifier": "ubuntu-cve-2015-9542", "title": "Ubuntu: (Multiple Advisories) (CVE-2015-9542): libpam-radius-auth vulnerability", "published_at": "2020-02-24T00:00:00.000Z", "solutions": "ubuntu-upgrade-chromium", "link": "https://vdb-kasf1i23nr1kl2j4.rapid7.com/v1/content/ubuntu-cve-2015-9542" }
+        example: '{"identifier":"ubuntu-cve-2015-9542","title":"Ubuntu: (Multiple Advisories) (CVE-2015-9542): libpam-radius-auth vulnerability","published_at":"2020-02-24T00:00:00.000Z","solutions":"ubuntu-upgrade-chromium","link":"https://vdb-kasf1i23nr1kl2j4.rapid7.com/v1/content/ubuntu-cve-2015-9542"}'
       results_found:
         title: Results Found
         description: Will return false if no results are found
         type: bool
         required: true
-
-

plugins/rapid7_vulndb/requirements.txt

@@ -2,4 +2,4 @@
 # All dependencies must be version-pinned, eg. requests==1.2.0
 # See: https://pip.pypa.io/en/stable/user_guide/#requirements-files
 jsonschema==3.2.0
-setuptools==70.0.0
+setuptools==73.0.1

plugins/rapid7_vulndb/setup.py

@@ -3,7 +3,7 @@
 
 
 setup(name="rapid7_vulndb-rapid7-plugin",
-      version="2.1.3",
+      version="2.1.4",
       description="Make searching the Rapid7 vulnerability and exploit data fast, easy and efficient with the InsightConnect plugin. Leverage this curated repository of vetted computer software exploits and exploitable vulnerabilities to ensure your security operations are always aware of the latest threats that could be used against your environment vulnerabilities",
       author="rapid7",
       author_email="",

plugins/rapid7_vulndb/unit_test/mock.py

@@ -1,8 +1,6 @@
 import json
 import os
 
-import requests.models
-
 from util import Util
 
 STUB_IDENTIFIER = "3395856ce81f2b7382dee72602f798b642f14140-cve"
@@ -52,10 +50,10 @@ def json(self):
         return MockResponse("get_content_bad", 404)
     if args[0] == f"https://vdb-kasf1i23nr1kl2j4.rapid7.com/v1/content/{STUB_504_IDENTIFIER}":
         return MockResponse("get_content_bad2", 504)
-    if args[0] == f"https://vdb-kasf1i23nr1kl2j4.rapid7.com/v1/search":
-        query = kwargs.get("params").get("query")
-        page = kwargs.get("params").get("page")
-        type_ = kwargs.get("params").get("type")
+    if args[0] == "https://vdb-kasf1i23nr1kl2j4.rapid7.com/v1/search":
+        query = kwargs.get("params", {}).get("query")
+        page = kwargs.get("params", {}).get("page")
+        type_ = kwargs.get("params", {}).get("type")
         if query == STUB_SEARCH_NO_RESULTS_IDENTIFIER:
             return MockResponse("search_db_no_results", 200)
         if query == STUB_SEARCH_404_IDENTIFIER:

plugins/rapid7_vulndb/unit_test/payloads/get_content.json.resp

@@ -1,57 +1,57 @@
 {
-    "id": 123456789,
-    "type": "Nexpose",
-    "identifier": "test_identifier_1",
-    "title": "test_title_1",
-    "description": "\n    <p>test_description_1</p>\n  ",
-    "data": {
-        "solutions": [
-            "test_solution_1"
-        ],
-        "alternate_ids": [
-            {
-                "namespace": "CVE",
-                "name": "2021-12345",
-                "unified_name": "CVE/2021-12345"
-            },
-            {
-                "namespace": "DEBIAN",
-                "name": "DSA-1234",
-                "unified_name": "DEBIAN/DSA-1234"
-            },
-            {
-                "namespace": "URL",
-                "name": "https://example.com.html",
-                "unified_name": "URL/https://example.com.html"
-            }
-        ],
-        "severity": "4",
-        "csvss": "(AV:N/AC:M/Au:N/C:P/I:N/A:N)",
-        "date_published": "2021-01-01T00:00:00+00:00",
-        "date_added": "2021-01-01T00:00:00+00:00",
-        "date_modified": "2022-01-01T00:00:00+00:00"
-    },
-    "references": [
-        "test_reference_1"
+  "id": 123456789,
+  "type": "Nexpose",
+  "identifier": "test_identifier_1",
+  "title": "test_title_1",
+  "description": "\n    <p>test_description_1</p>\n  ",
+  "data": {
+    "solutions": [
+      "test_solution_1"
+    ],
+    "alternate_ids": [
+      {
+        "namespace": "CVE",
+        "name": "2021-12345",
+        "unified_name": "CVE/2021-12345"
+      },
+      {
+        "namespace": "DEBIAN",
+        "name": "DSA-1234",
+        "unified_name": "DEBIAN/DSA-1234"
+      },
+      {
+        "namespace": "URL",
+        "name": "https://example.com.html",
+        "unified_name": "URL/https://example.com.html"
+      }
     ],
-    "created_at": "2021-01-01T00:00:00.000Z",
-    "updated_at": "2021-01-01T00:00:00.000Z",
-    "published_at": "2021-01-01T00:00:00.000Z",
-    "content_type": "vulnerability",
-    "content_url": "https://example.com",
-    "hits": 0,
-    "alternate_id_urls": [
-        {
-            "text": "CVE-2021-12345",
-            "url": "http://example.com/cve/cve-2021-12345"
-        },
-        {
-            "text": "DEBIAN-DSA-1234",
-            "url": "#"
-        },
-        {
-            "text": "URL-https://example.com.html",
-            "url": "https://example.com.html"
-        }
-    ]
+    "severity": "4",
+    "csvss": "(AV:N/AC:M/Au:N/C:P/I:N/A:N)",
+    "date_published": "2021-01-01T00:00:00+00:00",
+    "date_added": "2021-01-01T00:00:00+00:00",
+    "date_modified": "2022-01-01T00:00:00+00:00"
+  },
+  "references": [
+    "test_reference_1"
+  ],
+  "created_at": "2021-01-01T00:00:00.000Z",
+  "updated_at": "2021-01-01T00:00:00.000Z",
+  "published_at": "2021-01-01T00:00:00.000Z",
+  "content_type": "vulnerability",
+  "content_url": "https://example.com",
+  "hits": 0,
+  "alternate_id_urls": [
+    {
+      "text": "CVE-2021-12345",
+      "url": "http://example.com/cve/cve-2021-12345"
+    },
+    {
+      "text": "DEBIAN-DSA-1234",
+      "url": "#"
+    },
+    {
+      "text": "URL-https://example.com.html",
+      "url": "https://example.com.html"
+    }
+  ]
 }

plugins/rapid7_vulndb/unit_test/payloads/get_content_bad.json.resp

@@ -1,3 +1,3 @@
 {
-    "error": "The requested content item could not be found"
+  "error": "The requested content item could not be found"
 }